The present invention relates to a card reader module, in particular to a manual insertion or “dip” card reader. More particularly, the invention addresses the issue of card skimming at a self-service terminal (SST), such as an automated teller machine (ATM), or any other terminal using a manual insertion card reader module.
There are two different types of card readers, manual (or dip) card readers and automatic card readers. In automatic card readers a sensor adjacent to the card entry slot detects the presence of a card bearing a magnetic stripe. Once the magnetic strip is detected an internal shutter is activated and moves out of the path of the card. As the card is partially inserted it is received by transport rollers which transport the card into the body of the reader. The problem of “skimming” a card, where the magnetic stripe is read by an unauthorized reading device placed over the card slot, may be addressed by ensuring that the motion of the card is irregular until the card is fully within the body of the card reader. This randomly fluctuating path is achieved by programmed control of the aforementioned transport rollers, as detailed in U.S. Pat. No. 6,460,771, in the name of NCR Corporation.
However, in dip card readers the card is inserted and withdrawn manually, by the user, and the approach detailed above is not feasible.
A dip card reader makes two attempts to read a magnetic stripe card, once during the insertion phase and once again during the withdrawal phase. The dip card reader uses the better of the two readings (normally the withdrawal reading) to process the transaction. The card motion during the manual process must be uniform to achieve a good reading of the magnetic stripe. Any fluctuation as with the automatic reader would result in a failure to read the magnetic stripe.
As briefly mentioned above, card skimming is the copying of the data stored on a magnetic stripe of a card either directly onto another card or into some form of storage, to be transferred at some later date onto a card, which can then be used for fraudulent purposes. This is a particular problem for dip card readers, given that the solution utilized with automatic card readers cannot be applied to dip readers.
The commercial significance of this problem is heightened by the fact that many ATM's or other self-service devices use dip card readers that are operated by customers in an unsupervised environment. This gives criminals the opportunity to attach a skimming device to the outside of a dip reader which is designed to blend in with the fascia of the ATM or self-service device in order not to arouse the customer's suspicion. The skimming device does not prevent the user from withdrawing the card, nor does it prevent legitimate reading of the card by the card reader, hence giving the user no hint that any fraud has taken place. Therefore, the customer departs having completed the transaction and is completely unaware that all the details on the magnetic stripe on their card have been stolen.
Skimming, especially with dip card readers, has been a significant issue for ATM service providers for many years. Consequently, there has long been a need to address this extremely commercially significant issue, without notable success.